I'm setting up a little home server using docker compose, and I'm using traefik to terminate my SSL connections/request certificates from Let's Encrypt. For the most part, this is working great, so thanks for building this!
One client does not send SNI when making the connection to my traefik container. Don't ask me why, I'm not sure. What I'd like to do is have Traefik default to the example.com certificate when it receives a request without SNI, instead of the Traefik default certificate.
The documentation suggests defaultGeneratedCert, but I can't figure out where to put the labels in my docker-compose.yml.
Here's what I have so far:

    services:
      reverse-proxy:
        # The official v2 Traefik docker image
        image: traefik:v2.10
        restart: unless-stopped
        # Enables the web UI and tells Traefik to listen to docker
        command:
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--entrypoints.web.address=:80"
          - "--entrypoints.websecure.address=:443"
          - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
          #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
          - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
          - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
          - "--log.level=DEBUG"
        labels:
          - "traefik.tls.stores.default.defaultgeneratedcert.resolver=myresolver"
          - "traefik.tls.stores.default.defaultgeneratedcert.domain.main=example.com"
          - traefik.http.routers.traefik-secure.tls=true
          - traefik.http.routers.traefik-secure.tls.domains[0].main=example.com
          - "traefik.http.routers.traefik-secure.tls.certresolver=myresolver"
          - traefik.enable=true
        ports:
          # The HTTP port
          - "443:443"
          - "80:80"
        volumes:
          # So that Traefik can listen to the Docker events
          - /var/run/docker.sock:/var/run/docker.sock
          - ./traefik/files:/letsencrypt

Thanks for any help!
Similar topics I've read: